Regulatory Compliance

Security Operations and Compliance, Working Together

NitroView supports a variety of compliance efforts, with hundreds of prebuilt compliance reports included at no additional cost. In addition, every compliance report is paired with a real-time compliance dashboard, consolidating your regulatory compliance requirements with your daily security operations in order to maximize efficiency and avoid surprises during an audit.

NitroView also helps meet the requirements of PCI-DSS, HIPAA, NERC-CIP, FISMA, SOX, and others by enhancing your visibility into data access, data usage, and user identities and roles, and by applying this context to your security events and device logs. The result is human-readable information, correctly formatted and organized: reports that are as easy for your auditor to use as they were for you to generate.

Continuous Compliance

Compliance and security today stand locked in an uneasy balance. While "compliance is not security" is often quoted, the reality is more complex, and for many organizations, for better or for worse, compliance in fact IS security today. In even more cases, auditor-focused projects compete with attacker-focused projects for resources and executive attention, and the theme "I might be hacked, but I will be audited" stands as strong as ever.

CFATS

The Department of Homeland Security (DHS) has implemented the Chemical Facilities Anti-Terrorism Standards (CFATS) to protect high-risk chemical facilities against terrorist attack. Chemical facilities utilizing chemicals of interest (defined in CFATS Appendix A) are considered "high risk," and are required to perform a Security Vulnerability Assessment and to develop a Site Security Plan under regulation 6 CFR Part 27. Guidelines for implementing the security measures of CFATS are presented in the form of Risk-Based Performance Standards (RBPSs).

FISMA

The Federal Information Security Management Act (FISMA) Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-53, 800-59, and 800-60. Additional security guidance documents include NIST Special Publications 800-37, 800-53, and 800-53A. Together these publications cover many aspects of security, including physical security, personnel security, contingency planning, and others.

GPG 13

The Good Practice Guide No. 13 (GPG 13, issue 1.5, dated August 2010) was originated by CESG and is aimed at providing compliance guidance for Central Government and the police. GPG 13 supersedes IM22, outlining the Protective Monitoring expectations in relation to the Security Policy Framework released by the Cabinet Office. The guide is to be used in conjunction with HMG IA Standard No. 1 (IS1) Parts 1 and 2 to provide an in-depth security capability and to form part of the larger security policy. GPG 13 compliance can form the baseline for meeting the mandatory requirement (SPF MR039) of the Codes of Connection (CoCo) compliance for all local authorities, which has been in effect since 2009.

HIPAA / HITECH

The compliance landscape for healthcare organizations has changed significantly since the passage of the legislation creating HIPAA in 1996 and the subsequent introduction of the HIPAA Security and Privacy Rules. In 2009, the passage of the HITECH Act as part of the American Recovery and Reinvestment Act of 2009 (ARRA) ushered in changes in what kinds of organizations are considered covered entities, and changes in the scope of compliance requirements for healthcare organizations.

NERC CIP

NitroView is the ideal solution for operators of critical infrastructure, including electric utilities, water, gas, chemical, and nuclear facilities. Whether you face the cyber security requirements of NERC CIP, CFATS, or HSPD-7, NitroView is able to monitor and protect the assets and operations of SCADA and Industrial Control System environments.

PCI-DSS

PCI DSS provides highly specific guidance for the credit card industry as to a minimum required set of security controls. In the credit card industry, Qualified Security Auditors (QSAs) assess and determine where the organization is in compliance, and where there are issues and gaps to be resolved. These findings are communicated in the QSA's Report on Compliance (ROC).

Sarbanes-Oxley

Sarbanes-Oxley requires that all financial systems and operations be centrally monitored and reviewed. This is often translated into centralized log collection and analysis. However, logs often do not contain the level of detail required to address the real concerns of SOX, which requires an audit trail of all access and activity involving sensitive information as it relates to business operations. NitroView's content awareness takes compliance to a new level by providing the required user, network, application, and policy contexts.